docker_networks: replace self-written code with module (#599)

Reviewed-on: #599 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2023-11-12 21:53:11 +01:00 · 2023-11-12 21:53:11 +01:00 · 55f002f828
commit 55f002f828
parent f4db26b373
6 changed files with 25 additions and 22 deletions
--- a/docker-compose/woodpecker/docker-compose.yml.j2
+++ b/docker-compose/woodpecker/docker-compose.yml.j2
@ -3,6 +3,7 @@ version: '3'

 services:
  woodpecker-server:
+    restart: always
    container_name: woodpecker-server
    image: woodpeckerci/woodpecker-server:latest
    ports:
--- a/group_vars/ansible.yml
+++ b/group_vars/ansible.yml
@ -7,6 +7,7 @@ pip_install_packages:
  - name: ara
  - name: jmespath
  - name: ansible
+  - name: docker-compose

 ### mgrote.apt_manage_packages
 apt_packages_extra:
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -14,8 +14,10 @@ lvm_groups:
        mntp: /var/lib/docker
 manage_lvm: true
 pvresize_to_max: true
+
 ### mgrote.restic
 restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
+
 ### mgrote.user
 users:
  - username: mg
@ -47,6 +49,8 @@ users:
 docker_users:
  - mg
  - docker-user
+docker_install_compose: true
+docker_add_repo: false # erstelle kein Repo-Eintrag unter /etc/apt/sources.list.d/, steht explizit unter "repos_override"

 ### mgrote.docker-compose-deploy
 docker_compose_base_dir: /home/docker-user
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@ -73,6 +73,9 @@ compose_files:
    network: traefik
  - name: photoprism
    state: present
+  - name: whoami
+    state: absent
+    network: traefik_test

 ### oefenweb.ufw
 ufw_rules:
--- a/requirements.yml
+++ b/requirements.yml
@ -2,6 +2,7 @@ collections:
  - git+https://git.mgrote.net/ansible-collections-mirrors/community.general
  - git+https://git.mgrote.net/ansible-collections-mirrors/community.crypto
  - git+https://git.mgrote.net/ansible-collections-mirrors/ansible.posix
+  - git+https://git.mgrote.net/ansible-collections-mirrors/community.docker
 roles:
  - src: https://git.mgrote.net/ansible-roles-mirrors/pyratlabs-ansible-role-k3s
    scm: git
--- a/roles/mgrote_docker_compose_inline/tasks/main.yml
+++ b/roles/mgrote_docker_compose_inline/tasks/main.yml
@ -9,7 +9,7 @@
    group: "{{ compose_group }}"

 # https://codeutility.org/ansible-can-the-templates-module-handle-multiple-templates-directories-stack-overflow/
- name: copy all directories recursively
+- name: ensure all directories exists
  ansible.builtin.file:
    dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') }}"
    state: directory
@ -18,7 +18,7 @@
    group: "{{ compose_group }}"
  with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type d').split('\n') }}"

- name: copy all files recursively (can take a long time)
+- name: ensure all files exists (can take a long time)
  ansible.builtin.copy:
    mode: "{{ compose_file_permissions }}"
    owner: "{{ compose_owner }}"
@ -28,7 +28,7 @@
  with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/  -type f -not -name *.j2 ').split('\n') }}"
  no_log: true

- name: copy templates files recursively
+- name: ensure templated files exists
  ansible.builtin.template:
    mode: "{{ compose_file_permissions }}"
    owner: "{{ compose_owner }}"
@ -36,24 +36,18 @@
    src: "{{ item }}"
    dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}"
  with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
-  register: copy_template
  no_log: true

-#  - name: print $copy_template
-#    ansible.builtin.debug:
-#      var: copy_template
-
- name: create networks
+- name: Ensure needed networks exists
  become: true
-  ansible.builtin.command: "docker network create {{ item.network }}" # erstelle network
-  register: network_result # speichere ergebnis in var
-  changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
-  failed_when:
-    - "not 'Error response from daemon: network with name' in network_result.stderr"
-    - "not network_result.rc == 0"
+  community.docker.docker_network:
+    name: "{{ item.network }}"
+    state: present
+    internal: false
+    enable_ipv6: false
+    driver: bridge
  loop: "{{ compose_files }}"
  when:
-    - item.state == "present"
    - item.network is defined

 - name: (re)start container
@ -78,16 +72,15 @@
    - item.state == "absent"
  ignore_errors: true # noqa ignore-errors

- name: remove old networks
+- name: Ensure old networks are absent
  become: true
-  ansible.builtin.command: "docker network remove {{ item.network }}" # erstelle network
-  register: network_result # speichere ergebnis in var
-  changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
-  ignore_errors: true # noqa ignore-errors
+  community.docker.docker_network:
+    name: "{{ item.network }}"
+    state: absent
  loop: "{{ compose_files }}"
  when:
-    - item.state == "absent"
    - item.network is defined
+    - item.state == "absent"

 - name: remove old docker-compose files & directories
  become: true